Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

Similar documents
Docker und IBM Digital Experience in Docker Container

An introduction to Docker

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016

Engineering Robust Server Software

Think Small to Scale Big

Introduction to Containers

TEN LAYERS OF CONTAINER SECURITY

Docker Deep Dive. Daniel Klopp

Introduction to containers

Docker 101 Workshop. Eric Smalling - Solution Architect, Docker

Travis Cardwell Technical Meeting

State of Containers. Convergence of Big Data, AI and HPC

[Docker] Containerization

THE ROUTE TO ROOTLESS

Docker and Security. September 28, 2017 VASCAN Michael Irwin

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

Containers and isolation as implemented in the Linux kernel

1 Virtualization Recap

TEN LAYERS OF CONTAINER SECURITY

Investigating Containers for Future Services and User Application Support

docker & HEP: containerization of applications for development, distribution and preservation

OS Containers. Michal Sekletár November 06, 2016

Who is Docker and how he can help us? Heino Talvik

Asterisk & the Docker revolution Some lessons from the trenches

Portable, lightweight, & interoperable Docker containers across Red Hat solutions

Docker. Master the execution environment of your applications. Aurélien Dumez. Inria Bordeaux - Sud-Ouest. Tuesday, March 24th 2015

RDMA Container Support. Liran Liss Mellanox Technologies

Getting Started With Containers

Running Docker applications on Linux on the Mainframe

Container-based virtualization: Docker

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

containerization: more than the new virtualization

OS Virtualization. Linux Containers (LXC)

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

Introduction to Virtualization and Containers Phil Hopkins

Docker Security. Mika Vatanen

Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus

ISLET: Jon Schipp, AIDE jonschipp.com. An Attempt to Improve Linux-based Software Training

Shifter at CSCS Docker Containers for HPC

OS Security III: Sandbox and SFI

DevOps in the Cloud A pipeline to heaven?! Robert Cowham BCS CMSG Vice Chair

Dockerized Tizen Platform

Arup Nanda VP, Data Services Priceline.com

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

What s Up Docker. Presented by Robert Sordillo Avada Software

Presented By: Gregory M. Kurtzer HPC Systems Architect Lawrence Berkeley National Laboratory CONTAINERS IN HPC WITH SINGULARITY

DGX-1 DOCKER USER GUIDE Josh Park Senior Solutions Architect Contents created by Jack Han Solutions Architect

Infrastructure Security 2.0

Building Your First SQL Server Container Lab in Docker

Flatpak a technical walk-through. Alexander Larsson, Red Hat

SAINT LOUIS JAVA USER GROUP MAY 2014

PVS Deployment in the Cloud. Last Updated: June 17, 2016

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

Deployment Patterns using Docker and Chef

Docker for Sysadmins: Linux Windows VMware

Infrastructure at your Service. Oracle over Docker. Oracle over Docker

Azure Sphere: Fitting Linux Security in 4 MiB of RAM. Ryan Fairfax Principal Software Engineering Lead Microsoft

High Performance Containers. Convergence of Hyperscale, Big Data and Big Compute

The failure of Operating Systems,

ovirt and Docker Integration

Splunk N Box. Splunk Multi-Site Clusters In 20 Minutes or Less! Mohamad Hassan Sales Engineer. 9/25/2017 Washington, DC

Quick Prototyping+CI with LXC and Puppet

Network softwarization Lab session 2: OS Virtualization Networking

Container's Anatomy. Namespaces, cgroups, and some filesystem magic 1 / 59

Neale Ferguson

~Deep dive into Windows Containers and Docker~

Przyspiesz tworzenie aplikacji przy pomocy Openshift Container Platform. Jarosław Stakuń Senior Solution Architect/Red Hat CEE

Getting Started with Hadoop

Kubernetes The Path to Cloud Native

Container Isolation at Scale (... and introducing gvisor) Dawn Chen and Zhengyu He

Container Security and new container technologies. Dan

Docker & why we should use it

Logging, Monitoring, and Alerting

Red Hat Containers Cheat Sheet

Containers 101. with Podman on Fedora 29. Alessandro Arrichiello. Solution Architect, Red Hat

Containerizing GPU Applications with Docker for Scaling to the Cloud

EE 660: Computer Architecture Cloud Architecture: Virtualization

Midterm Presentation Schedule

Docker Cheat Sheet. Introduction

CS-580K/480K Advanced Topics in Cloud Computing. Container III

Docker for HPC? Yes, Singularity! Josef Hrabal

Singularity: Containers for High-Performance Computing. Grigory Shamov Nov 21, 2017

How Container Runtimes matter in Kubernetes?

Container Security. Marc Skinner Principal Solutions Architect

Container mechanics in Linux and rkt FOSDEM 2016

DevOps Course Content

agenda PAE Docker Docker PAE

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

Building A Better Test Platform:

Deploy containers on your cluster - A proof of concept

Important DevOps Technologies (3+2+3days) for Deployment

Securing Containers on the High Seas. Jack OWASP Belgium September 2018

PROCESS MANAGEMENT Operating Systems Design Euiseong Seo

Software containers are likely to become a very important tool over the

Distributed Computing Framework Based on Software Containers for Heterogeneous Embedded Devices

SQL Server inside a docker container. Christophe LAPORTE SQL Server MVP/MCM SQL Saturday 735 Helsinki 2018

DOCKER 101 FOR JS AFFICIONADOS. Christian Ulbrich, Zalari UG

How to build and run OCI containers

深 入解析 Docker 背后的 Linux 内核技术. 孙健波浙江 大学 SEL/VLIS 实验室

Andrej Filipčič

Transcription:

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

Agenda Intro / Prep Environments Day 1: Docker Deep Dive Day 2: Kubernetes Deep Dive Day 3: Advanced Kubernetes: Concepts, Management, Middleware Day 4: Advanced Kubernetes: CI/CD, open discussions 2

What is This Docker Thing? A company? A format? An API? Framework? Or, maybe something in the Cloud. Everything s in the cloud seems like these days! 3

That s Not New About Docker Linux-native functionality Control Groups (cgroups) Kernel Namespaces chroot Linux Capabilities Security (SELinux) 4

What Are Cgroups Built into Kernel (RHEL7/Debian/etc) Generically isolates resource usage (CPU, memory, disk, network) Guarantee resources to app/set of apps Can be adjusted on the fly Can monitor the cgroup itself to see utilization 5

What Are Cgroups Wikipedia says: cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. 6

CGROUP No. 1 Diagram of Control Groups CPU 512 Shares MEMORY No Limit NETWORK No Limit STORAGE I/0 No limit PROCESSES Firefox-*, npmviewer.bin USERS @admin, student-1, student-2, guest 7

Kernel Namespaces Isolating views of the system You can make a process think it s the only process Built-in ways to "virtualize" a process Wikipedia says: Namespaces are a feature of the Linux kernel that isolates and virtualizes system resources of a collection of processes. Examples of resources that can be virtualized include process IDs, hostnames, user IDs, network access, interprocess communication, and filesystems. 8

Kernel Namespaces mnt pid net ipc uts user mount points, filesystem processes network stack inter-process comms hostname UIDs 9

Linux capabilities Like Linux, root has all capabilities. Includes a fine-grained division of root's permissions for a processes. CAP_NET_ADMIN - modify routing tables, firewalling, NAT, etc. CAP_KILL - bypass any checks for sending the kill signals CAP_SYS_ADMIN - mount, set hostname, etc. 10

Docker Brings Together Storage Linux Kernel Device Mapper Btrfs Aufs Namespaces PID MNT IPC UTS NET Cgroups Networking veth bridge iptables Security cpu cpuset memory device Capability SELinux seccomp 11

Why is this Important? Think about image formatting vs. golden imaging When using API calls Packaging Structural separation of concerns (Devs/Ops) Density and infrastructure utilization 12

Foundations of Docker References Parent Image Writable Container Image Image Base Image bootfs 13

Virtualization vs. Containerization Virtualization app app lib lib OS OS Hypervisor OS x86 Hardware Containerization app lib app lib OS x86 Hardware namespaces cgroups chroots 14

Immutable Infrastructure "We ll put it back in Ansible" Cattle vs. Pets Don t change it; replace it System created fully from automation; avoid drift Manual intervention is error prone How does Docker help? 15

Basic Docker Components Docker Client Docker Daemon Images Registry Containers 16

Basic Docker Components 17

Docker Images Templates from which containers are created Layered using union filesystems Each change to the system is a layer added Typically created from instructions stored in Dockerfiles Stored in a Docker registry, locally or remotely 18

Docker Containers Runtime instance of a Docker Image Copy on write file system; changes localized Virtualized with namespaces, cgroups, SELinux, etc. Each has own IP address, networking, and volumes Intended to run single process (process virtualization) 19

Developer Workflow Work from Vagrant image Can trash and reboot it any time Locally running Docker client Source code in developer IDE When ready, use tooling to generate Docker image, or hand craft Run image locally - possibly with others Push code, or image CI process kicks in 20

Developer Works Locally Development Image Client BUILD Dockerfile 21

Developer Pushes Code Development Image Client BUILD Dockerfile Image BUILD Dockerfile 22

Hello Docker Container LET S CREATE OUR FIRST CONTAINER 23

Pull a Docker Image Let s pull a Centos 7 image from DockerHub, like this: Output: docker pull centos:7 Pulling from library/centos fa5be2806d4c: Pull complete 0cd86ce0a197: Pull complete e9407f1d4b65: Pull complete c9853740aa05: Pull complete e9fa5d3a0d0e: Pull complete Digest: sha256:xxxxxxxxxxxxx... Status: Downloaded newer image for centos:7 24

List Docker Images Now, let s list all our locally installed images, like: docker images Output: REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos 7 e9fa5d3a0d0e 2 days ago 172.3 MB 25

List Docker Images We can pass the images command (-a) option to see all images, past and present: Output: docker images -a REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE centos 7 e9fa5d3a0d0e 2 days ago 172.3 MB <none> <none> c9853740aa05 2 days ago 172.3 MB <none> <none> e9407f1d4b65 2 days ago 172.3 MB <none> <none> 0cd86ce0a197 2 days ago 172.3 MB <none> <none> fa5be2806d4c 5 weeks ago 0 B 26

Running Our First Docker Container Here s how we can then run a Linux command inside a Docker container: docker run rm centos:7 echo hello world Output: hello world Woah, what happened? It just printed "hello, world"? So what? 27

Running Our First Docker Container Let s run a Linux shell inside a Docker container, from the inside: Output: docker run --it --rm centos:7 bash [root@d7dfcc490cbe /]# _ 28

Inside Our Container Now from inside the Docker container itself, we ll issue commands, like this: Output: # ll /etc/*-release -rw-r--r-- 1 root root 38 Mar 31 2015 /etc/centos-release -rw-r--r-- 1 root root 393 Mar 31 2015 /etc/os-release lrwxrwxrwx 1 root root 14 Aug 14 21:00 /etc/redhat-release -> centos-release lrwxrwxrwx 1 root root 14 Aug 14 21:00 /etc/system-release -> centos-release 29

Inside Our Container We can now play around with Linux commands within the container: # hostname -f # cat /etc/hosts # ps aux # yum -y install vim # ip a If it looks like Linux and it works like Linux... 30

Let s Make a Mess Now, lets pretend we do some destructive stuff, on purpose: # rm fr /usr/sbin And now say we delete this, too: # rm fr /usr/bin Now, if we tried to issue any commands, like ls, ps, or cd we d get: bash: /usr/bin/ls: No such file or directory Whoops cannot ls, cd or do anything useful anymore. What d we d do? 31

How Easy Is Starting Over In the last slide we pretended to destroy all our hard work. Now, how easy is it to start over? Just exit the container and fire up a new one: docker run --it --rm centos:7 bash And everything is back! Wow right? 32

Lab 33

End of Chapter

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback